HRPP Policy - Use of PHI

About This Policy

Effective date:
Last updated:
Policy Contact:

IU Human Subjects Office
(317) 274-8289

IU HRPP Policies

Related Policy Documents

View Research Data Management Policy

IU HRPP Guidance

Related Guidance Documents

View HIPAA Guidance

IU HRPP Documents

Related IRB Questionnaires

  • K - HIPAA
  • L - VA Research

View KC Crosswalk

Related Forms and Templates

Browse IU HRPP Forms

Regulatory References

7.0 - Definitions

authorization Per the Privacy Rule, an individual's permission to allow a covered entity to use or disclose the individual's protected health information (PHI) described in the authorization for the purpose(s) and to the recipient(s) stated in the authorization.

confidentiality The assurance that certain information about individuals, which may include a subject';s identity, health, behavior, or lifestyle information, or a sponsor's proprietary information, will not be disclosed without permission from the subject or sponsor.

covered entity Health plan, health care clearinghouse, or health care provider who electronically transmits any health information in connection with transactions for which HHS has adopted standards

data use agreement Under the Privacy Rule, an agreement between a covered entity and the recipient of a limited data set which specifies permitted uses and disclosures of the limited data set, identifies who may use or receive the limited data set, and restricts further use and disclosure.

de-identified Information that is rendered not individually identifiable by either the Expert Determination method or Safe Harbor Method described in the IU HRPP Policy on Use of PHI in Research, section 2.3.

device (medical device) As regulated by the FDA, an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is: 1) recognized in the National Formulary, or the United States Pharmacopeia, or any supplement to them; 2) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals; or 3) intended to affect the structure or any function of the body of man or other animals, and; which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. See Link-FDA Guidance for Industry and FDA Staff on Classification of Products as Drugs or Devices and Additional Product Classification Issues.-Link

HIPAA The Health Insurance Portability and Accountability Act of 1996. See also Privacy Rule.

identifier Information that can be used to link a sample or scientific result with a specific person or group of people, including any of eighteen (18) identifiers defined by the Privacy Rule and defined in the IU HRPP Policy on Use of PHI in Research, section 2.3, Safe Harbor Method.

legally authorized representative (LAR) An individual or judicial or other body authorized under applicable law to consent on behalf of a prospective participant to the participant's participation in the procedure(s) involved in the research. For definition of LAR in Indiana, see the IU HRPP Policy on Adult Individuals Lacking Consent Capacity.

limited data set A limited set of identifiable protected health information which excludes some identifiers as described in the IU HRPP Policy on Use of PHI in Research.

minimal risk The probability and magnitude of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during the performance of routine physical or psychological examinations or tests.

mininum necessary Standard under the Privacy Rule that PHI should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function.

privacy Refers to persons and their interest in controlling the access of others to themselves.

privacy board Under the Privacy Rule, the group of individuals charged with the review and approval of waivers of authorization.

privacy rule Federal Rule found at 45 CFR 160, and 164 subparts A and E, which establishes national standards for protection of individuals' medical records and other personal health information; applies to covered entities.

protected health information (PHI) Health information, including demographic information collected from an individual, that is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual, or to the provision of health care to an individual.

psychotherapy notes Notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual's medical record. Psychotherapy notes excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date (45 C.F.R. § 164.501).

recruitment Initial identification and contact with potential subjects, which may include both direct interactions with individuals and/or accessing identifiable data or specimens for the purpose of determining whether an individual or their data or specimen may participate or be included in a study.

research A systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge (Synonymous with clinical investigation For research subject to FDA regulations, any experiment that involves a test article and one or more human subjects, and that either must meet the requirements for prior submission to the FDA under §505(i), §507(d), or §520(g) of the Food, Drug & Cosmetic Act, or need not meet the requirements for prior submission to the FDA under these sections of the act, but the results of which are intended to be later submitted to, or held for inspection by, the FDA as part of an application for a research or marketing permit. The term does not include experiments that must meet the provisions of part 58 regarding nonclinical laboratory studies (21 CFR 50.3(c)).) The following activities are deemed not to be research under this definition: Scholarly and journalistic activities (e.g., oral history, journalism, biography, literary criticism, legal research, and historical scholarship), including the collection and use of information that focus directly on the individuals about whom the information is collected; Public health surveillance activities, including the collection and testing of information or biospecimens, conducted, supported, requested, ordered, required, or authorized by a public health authority. Such activities are limited to those necessary to allow a public health authority to identify, monitor, assess, or investigate potential public health signals, onsets of disease outbreaks, or conditions of public health importance (including trends, signals, risk factors, patterns in diseases, or increases in injuries from using consumer products). Such activities include those associated with providing timely situational awareness and priority setting during the course of an event or crisis that threatens public health (including natural or man-made disasters); Collection and analysis of information, biospecimens, or records by or for a criminal justice agency for the activities authorized by law or court order solely for criminal justice or criminal investigative purposes; Authorized operational activities (as determined by each agency) in support of intelligence, homeland security, defense, or other national security missions.

research personnel (See also investigator, IU-affiliated research personnel, non-key personnel, non-affiliated research personnel, principal investigator (PI), Student, Fellow, Resident PI, site-specific PI) Individuals engaged in human subjects research; specifically, individuals who interact or intervene with human subjects or access identifiable information for research purposes. May also be called investigators.

suspension Temporary cessation of some or all activities in a currently approved research study.

written/in writing Writing on a tangible medium (e.g. paper) or in an electronic format.

Back to top